Steve Parkinson wrote:
If you are referring to this bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=298045
This was fixed fairly soon after it was brought to our attention. As is
always the case, things get fixed much better with a proper bug report.
Sorry Steve, but then you should read bug 194245 or the *initial*
comment in bug 154121.
They both explicitely pointed to the fact mz should prompt for the root
certificate and that it is what ns 4 did.
Unfortunately, only 194245 explains very clearly that not doing that
breaks the spec in comm4-cert-download.html, and it was marked as a
duplicate of the other without transmission of that piece of information.
Are you saying that you knew about this problem and did not report the bug?
Very unfortunately, I somehow never crossed this problem before 2005,
where I found out that it was properly taken care of in bug 298045.
I could not understand how this bug could have been left uncorrected for
so long so I digged inside bugzilla too see what had happened.
So I could trace the initial implementation to bug 91407, where the
comment in the patch show Javier Delgadillo decided the thing to do was
to present the leaf certificate to the user. There is every reason why
this Netscape employee should have checked what ns 4 did, should have
read the existing documentation first, but well, it didn't happen.
Then we have bug 154121 where this was one step away from getting
corrected. I respect JGM's work in general, he certainly did a lot of
excellent job, but in that occasion the last comment in the bug where he
says he implemented the opposite of what the reporter requested before
closing the bug as FIXED is really upsetting.
It's not about the fact an error has been done, it's that it would have
taken only a few minutes more of rechecking, a little less trust in the
existing code, I'm sorry to say it like that, but also a little less
disdain for the motivations of the reporter's request to avoid it.
_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
